Hackers change tactics to crack open computers

A major change in the methods used by hackers to break into computers has been revealed in a report issued by an influential research institute on Tuesday.

The study suggests that computer criminals have shifted attention away from bugs in operating system software, such as Microsoft's Windows platform, to focus on flaws in individual software packages.

The non-profit SANS Institute, based in Maryland, US, reveals the change in tactics in its Top 20 report on software vulnerabilities.

"We are seeing a trend to exploit not only Windows, but other vendor programs installed on large numbers of systems," says Rohit Dhamankar, project manager for the report. "These include back-up software, anti-virus software, database software and even media players."

The report says that, over the last five years, hackers focused predominantly on operating systems. The shift away from this has been brought about by greater focus on security from operating system developers, the researchers write.

They note, for example, that Microsoft now issues regular monthly software updates to plug holes in its operating system, prompting hackers to pursue bugs in individual software packages instead.

Entire networks

The types of bugs affecting operating systems and individual software packages are similar. Although the packages do not operate at the fundamental level of an operating system, they can often access important parts of a computer, such as its temporary memory.

Dhamankar says targeting bugs in packages can be just as effective for attackers. "Flaws in these programs put critical national and corporate resources at risk and have the potential to compromise entire networks," he says.

According to the SANS report, software used to back up data is most commonly targeted by hackers. Ironically, anti-virus software is the next most popular target.

Buffer-overflow bugs

Several critical flaws have been discovered with back-up software over the course of 2005. The report notes that gaining access to a machine running back-up software will often provide large amounts of potentially valuable data, as well as broader access to a computer network.

Anti-virus software is particularly attractive to hackers because it is installed very widely and runs unobtrusively in the background on a machine. The Top 20 report notes that "buffer overflow" bugs have been reported in most leading anti-virus programs over the past year. This type of bug can be used to overwrite key portions of a computer's memory, causing the system to crash or allowing key information to be rewritten.

The SANS Institute is one of the leading computer security certification organisations in the world. The report was compiled with the help of researchers from seven organisations, including the US government's Computer Emergency Response Team (CERT), the British government's National Infrastructure Security Co-Ordination Centre (NISCC) and companies Tipping Point and Qualys.
